@vess-id/ai-identity 0.5.0-alpha.11 → 0.5.0-alpha.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +34 -1
- package/dist/index.js +15 -0
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +13 -0
- package/dist/index.mjs.map +1 -1
- package/dist/registry/index.d.ts +2 -0
- package/dist/registry/index.d.ts.map +1 -1
- package/dist/registry/reauth-constants.d.ts +33 -0
- package/dist/registry/reauth-constants.d.ts.map +1 -0
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -8235,6 +8235,39 @@ declare function getValidMcpActionNames(toolName: string): string[];
|
|
|
8235
8235
|
*/
|
|
8236
8236
|
declare function normalizeMcpActionName(toolName: string, actionName: string): string;
|
|
8237
8237
|
|
|
8238
|
+
/**
|
|
8239
|
+
* Cross-package constants for the reauth pipeline.
|
|
8240
|
+
*
|
|
8241
|
+
* These string literals are contract-level identifiers shared between:
|
|
8242
|
+
* - api (`tool-auth.service.ts`, `token-refresh.service.ts`)
|
|
8243
|
+
* - remote-mcp (`mcp-format-result.ts`)
|
|
8244
|
+
* - agentd (`gateway-client.ts`, `credential-errors.ts`, `execution-engine.ts`)
|
|
8245
|
+
*
|
|
8246
|
+
* Hard-coding them at each site made typo bugs silent. Centralizing here
|
|
8247
|
+
* means any renames surface as a compile error on every import site.
|
|
8248
|
+
*/
|
|
8249
|
+
/**
|
|
8250
|
+
* Value for `ToolInvokeResponse.metadata.action` when the api signals a
|
|
8251
|
+
* revoked/expired OAuth token. Consumers branch on this to render a reauth
|
|
8252
|
+
* prompt (Slack DM card, CLI authUrl, etc.) instead of treating the response
|
|
8253
|
+
* as a normal error.
|
|
8254
|
+
*/
|
|
8255
|
+
declare const REAUTH_REQUIRED_ACTION: "reauth_required";
|
|
8256
|
+
/**
|
|
8257
|
+
* Error codes emitted by agentd's `gateway-client.invokeTool` to classify
|
|
8258
|
+
* failure modes for the ExecutionEngine to branch on. Kept as a const object
|
|
8259
|
+
* rather than an enum so it serializes cleanly across the wire and in logs.
|
|
8260
|
+
*/
|
|
8261
|
+
declare const GATEWAY_ERROR_CODE: {
|
|
8262
|
+
/** Upstream OAuth token is revoked — the user must re-auth at the SaaS provider. */
|
|
8263
|
+
readonly REAUTH_REQUIRED: "REAUTH_REQUIRED";
|
|
8264
|
+
/** Local VC/VP is invalid (expired, malformed, signature mismatch). Try VC reissuance. */
|
|
8265
|
+
readonly CREDENTIAL_INVALID: "CREDENTIAL_INVALID";
|
|
8266
|
+
/** VC allowed a different resource than the request targeted. Try a new approval. */
|
|
8267
|
+
readonly RESOURCE_MISMATCH: "RESOURCE_MISMATCH";
|
|
8268
|
+
};
|
|
8269
|
+
type GatewayErrorCode = (typeof GATEWAY_ERROR_CODE)[keyof typeof GATEWAY_ERROR_CODE];
|
|
8270
|
+
|
|
8238
8271
|
interface ActionParamDisplay {
|
|
8239
8272
|
label: string;
|
|
8240
8273
|
value: string;
|
|
@@ -8574,4 +8607,4 @@ declare function getTierLimits(tier: string | undefined | null): TierLimits;
|
|
|
8574
8607
|
|
|
8575
8608
|
declare const version = "0.0.1";
|
|
8576
8609
|
|
|
8577
|
-
export { type ABACPolicyEngine, ACTION_PARAMS_MAX_SIZE, ACTION_PREFIXES, ACTION_REGISTRY, AIdentityClient, type AIdentityConfig, AIdentityError, type APIAgent, type APICredential, APIVCManager, type AbacDecision, type AbacInput, type AcceptInvitationRequest, type AckEventResponse, type ActionInputSchema, type ActionMapping, type ActionMeta, type ActionParamDisplay, type ActionRegistry, type ActionRiskLevel, type Agent, type AgentCreateOptions, type AgentDIDConfig, AgentDIDManager, AgentManager, AgentStatus, AgentType, type AgentWithId, AllowAllAbac, type AnyProvider, type ApiKeyValidationResult, type AuditEvent, type AuditQuery, AuthProvider, type AuthState, AuthenticationError, type AutoApproveConfig, type BindingSource, CANONICAL_PROVIDERS, type CanonicalProvider, type CapabilityMeta, type CheckGrantPermissionRequest, type CheckGrantPermissionResult, type CheckPermissionInput, type CheckPermissionResult, type CollectContextRequest, type ConfirmGrantSuggestionRequest, type ConnectorAction, type ConnectorConfig, type ConnectorExecutionContext, type ConnectorResponse, type ConnectorResponseMetadata, type ConnectorTokenConfig, type ConstraintEvaluationResult, ConstraintEvaluator, type ConstraintEvaluatorOptions, type ConstraintViolation, type ConstraintWarning, type ContextBindingSource, type ContextProvider, type CreateGrantRequest, type CreateInvitationRequest, type CreateReceiptRequest, type CredentialRef, CredentialStatus, type CredentialStore, CredentialType, DEFAULT_CONSTRAINTS_BY_RISK, type DIDDocument, type DataAccessVC, type DecisionTrace, type DelegationVC, DeviceEnrollManager, type DeviceEnrollPollResult, type DeviceEnrollServerSideParams, type DeviceEnrollStartParams, type DeviceEnrollStartResult, type DisclosureFields, DummyCreds, DummyVpVerifier, type EmployeeVPRequest, type EvaluationContext, type ExternalActionRequest, FilesystemKeyStorage, GatewayClient, GatewayError, type GatewayEvent, type GetEventsOptions, type GetEventsResponse, type GitHubConfig, type GoogleConfig, type Grant, type GrantConstraints, type GrantResource, GrantResourceType, GrantScope, GrantStatus, type GrantUsage, type IConnectorService, type IStateStore, type Intent, type IntentEvaluationResult, type IntentObligation, type IntentResource, InvalidVPError, type Invitation, type InvitationRole, InvitationStatus, type IssueSDJWTVCRequest, type IssueSDJWTVCResult, type JiraBoard, type JiraConfig, type JiraIssue, type JiraIssueType, type JiraProject, type JiraSprint, type JiraStatus, type JiraUser, type JiraWorklog, type JsonSchema, JsonStateStore, KeyManager, type KeyPairGenerationResult, type KeyStorageConfig, type KeyStorageProvider, LEGACY_RESOURCE_TYPE_MAP, type MemoryDocument, MemoryKeyStorage, MemoryManager, type MemoryQuery, type MemoryQueryResult, NetworkError, type NormalizeIntentRequest, type NormalizedIntent, type OAuthAuthorizeRequest, type OAuthCallbackParams, type OAuthConnection, OAuthProvider, type OAuthToken, type OrganizationConfig, type OrganizationPermission, type OrganizationPolicy, type OrganizationVC, PROVIDER_ALIASES, type ParamBindingSource, type ParsedResourceType, type PermissionConstraints, type PermissionMode, type PermissionResource, type PermissionRule, type PermissionTimeConstraint, type PermissionVcClaims, type PlanDelegationInput, type PlanDelegationResult, type PolicyCondition, type PolicyEvaluationResult, type PolicyInput, type PolicyRule, type PolicyTarget, type Provider, RESOURCE_TYPES, type ReBACChecker, type Receipt, type ReceiptListResult, type ReceiptOutcome, type ReceiptSearchQuery, ReceiptStatus, type Relation, type ResolvedTargets, type ResourceIdBinding, type ResourceRef, type ResourceScope, type ResourceType, type RiskAssessmentResult, type RiskFactor, type RiskLevel, SDJwtClient, ScopeUnmatchedError, type SecondaryBinding, SimpleRebac, type SlackConfig, StandardActionCategory, type SuggestGrantRequest, type SuggestedAction, type SuggestedConstraints, type SuggestedGrant, type SuggestedResource, type SuggestionRiskLevel, TIER_LIMITS, type TargetBindings, type TargetConstraint, TargetResolver, type TierLimits, type TimeWindowCheckResult, type TimeWindowConstraint, type ToolDefinition, type ToolInvocation, ToolManager, type ToolPermissionRequest, type ToolPermissionVC, type UnifiedResourceType, type UpdateGrantRequest, type UserIdentity, type UserIdentityConfig, type UserIdentityCreateOptions, UserIdentityManager, UserKeyPairManager, type UserTier, VALID_MCP_ACTIONS, VALID_MCP_TOOLS, VCExpiredError, VCManager, VCRevokedError, VCStatus, type VCTemplate, VCType, VPManager, type VPRequest, type VerifiablePresentation, type VerificationMethod, type VerifiedVcClaims, type VerifyInvitationResponse, type VerifyReceiptRequest, type VerifyReceiptResult, type VerifySDJWTVCResult, type VpVerifier, WRITE_ACTION_NAMES, type WeeklyReportData, type WeeklyReportSummary, buildGrantIdFields, canonicalizeAction, checkPermissionWithVP, configure, createAjv, createDidJwk, credentialStatusToVCStatus, defaultConstraintEvaluator, evaluateConstraints, extractProjectKey, extractPublicKey, extractPublicKeyFromDid, generateActionParamsDisplay, generateActionSummary, generateKeyPair, generateNonce, getActionAliases, getAllActionForms, getAllValidMcpActionNames, getClient, getDefaultDisclosureFields, getKeyIdFromDid, getRequiredRelations, getRequiredScopes, getTierLimits, getValidMcpActionNames, grantConstraintsToPermissionConstraints, grantToPermissionRules, indexActions, indexCapabilities, isActionEquivalent, isCanonicalProvider, isUnlimited, isValidDidJwk, isValidProvider, isWriteAction, loadActionRegistryFromFile, loadActionRegistryFromObject, normalizeMcpActionName, parseGrantAction, parseGrantResourceType, planDelegationForVC, publicKeysMatch, resolveActionsFromSelection, resolveProvider, resolveResourceType, resolveUserTier, signJWT, validateRegistryObject, vcStatusToCredentialStatus, verifyJWT, version };
|
|
8610
|
+
export { type ABACPolicyEngine, ACTION_PARAMS_MAX_SIZE, ACTION_PREFIXES, ACTION_REGISTRY, AIdentityClient, type AIdentityConfig, AIdentityError, type APIAgent, type APICredential, APIVCManager, type AbacDecision, type AbacInput, type AcceptInvitationRequest, type AckEventResponse, type ActionInputSchema, type ActionMapping, type ActionMeta, type ActionParamDisplay, type ActionRegistry, type ActionRiskLevel, type Agent, type AgentCreateOptions, type AgentDIDConfig, AgentDIDManager, AgentManager, AgentStatus, AgentType, type AgentWithId, AllowAllAbac, type AnyProvider, type ApiKeyValidationResult, type AuditEvent, type AuditQuery, AuthProvider, type AuthState, AuthenticationError, type AutoApproveConfig, type BindingSource, CANONICAL_PROVIDERS, type CanonicalProvider, type CapabilityMeta, type CheckGrantPermissionRequest, type CheckGrantPermissionResult, type CheckPermissionInput, type CheckPermissionResult, type CollectContextRequest, type ConfirmGrantSuggestionRequest, type ConnectorAction, type ConnectorConfig, type ConnectorExecutionContext, type ConnectorResponse, type ConnectorResponseMetadata, type ConnectorTokenConfig, type ConstraintEvaluationResult, ConstraintEvaluator, type ConstraintEvaluatorOptions, type ConstraintViolation, type ConstraintWarning, type ContextBindingSource, type ContextProvider, type CreateGrantRequest, type CreateInvitationRequest, type CreateReceiptRequest, type CredentialRef, CredentialStatus, type CredentialStore, CredentialType, DEFAULT_CONSTRAINTS_BY_RISK, type DIDDocument, type DataAccessVC, type DecisionTrace, type DelegationVC, DeviceEnrollManager, type DeviceEnrollPollResult, type DeviceEnrollServerSideParams, type DeviceEnrollStartParams, type DeviceEnrollStartResult, type DisclosureFields, DummyCreds, DummyVpVerifier, type EmployeeVPRequest, type EvaluationContext, type ExternalActionRequest, FilesystemKeyStorage, GATEWAY_ERROR_CODE, GatewayClient, GatewayError, type GatewayErrorCode, type GatewayEvent, type GetEventsOptions, type GetEventsResponse, type GitHubConfig, type GoogleConfig, type Grant, type GrantConstraints, type GrantResource, GrantResourceType, GrantScope, GrantStatus, type GrantUsage, type IConnectorService, type IStateStore, type Intent, type IntentEvaluationResult, type IntentObligation, type IntentResource, InvalidVPError, type Invitation, type InvitationRole, InvitationStatus, type IssueSDJWTVCRequest, type IssueSDJWTVCResult, type JiraBoard, type JiraConfig, type JiraIssue, type JiraIssueType, type JiraProject, type JiraSprint, type JiraStatus, type JiraUser, type JiraWorklog, type JsonSchema, JsonStateStore, KeyManager, type KeyPairGenerationResult, type KeyStorageConfig, type KeyStorageProvider, LEGACY_RESOURCE_TYPE_MAP, type MemoryDocument, MemoryKeyStorage, MemoryManager, type MemoryQuery, type MemoryQueryResult, NetworkError, type NormalizeIntentRequest, type NormalizedIntent, type OAuthAuthorizeRequest, type OAuthCallbackParams, type OAuthConnection, OAuthProvider, type OAuthToken, type OrganizationConfig, type OrganizationPermission, type OrganizationPolicy, type OrganizationVC, PROVIDER_ALIASES, type ParamBindingSource, type ParsedResourceType, type PermissionConstraints, type PermissionMode, type PermissionResource, type PermissionRule, type PermissionTimeConstraint, type PermissionVcClaims, type PlanDelegationInput, type PlanDelegationResult, type PolicyCondition, type PolicyEvaluationResult, type PolicyInput, type PolicyRule, type PolicyTarget, type Provider, REAUTH_REQUIRED_ACTION, RESOURCE_TYPES, type ReBACChecker, type Receipt, type ReceiptListResult, type ReceiptOutcome, type ReceiptSearchQuery, ReceiptStatus, type Relation, type ResolvedTargets, type ResourceIdBinding, type ResourceRef, type ResourceScope, type ResourceType, type RiskAssessmentResult, type RiskFactor, type RiskLevel, SDJwtClient, ScopeUnmatchedError, type SecondaryBinding, SimpleRebac, type SlackConfig, StandardActionCategory, type SuggestGrantRequest, type SuggestedAction, type SuggestedConstraints, type SuggestedGrant, type SuggestedResource, type SuggestionRiskLevel, TIER_LIMITS, type TargetBindings, type TargetConstraint, TargetResolver, type TierLimits, type TimeWindowCheckResult, type TimeWindowConstraint, type ToolDefinition, type ToolInvocation, ToolManager, type ToolPermissionRequest, type ToolPermissionVC, type UnifiedResourceType, type UpdateGrantRequest, type UserIdentity, type UserIdentityConfig, type UserIdentityCreateOptions, UserIdentityManager, UserKeyPairManager, type UserTier, VALID_MCP_ACTIONS, VALID_MCP_TOOLS, VCExpiredError, VCManager, VCRevokedError, VCStatus, type VCTemplate, VCType, VPManager, type VPRequest, type VerifiablePresentation, type VerificationMethod, type VerifiedVcClaims, type VerifyInvitationResponse, type VerifyReceiptRequest, type VerifyReceiptResult, type VerifySDJWTVCResult, type VpVerifier, WRITE_ACTION_NAMES, type WeeklyReportData, type WeeklyReportSummary, buildGrantIdFields, canonicalizeAction, checkPermissionWithVP, configure, createAjv, createDidJwk, credentialStatusToVCStatus, defaultConstraintEvaluator, evaluateConstraints, extractProjectKey, extractPublicKey, extractPublicKeyFromDid, generateActionParamsDisplay, generateActionSummary, generateKeyPair, generateNonce, getActionAliases, getAllActionForms, getAllValidMcpActionNames, getClient, getDefaultDisclosureFields, getKeyIdFromDid, getRequiredRelations, getRequiredScopes, getTierLimits, getValidMcpActionNames, grantConstraintsToPermissionConstraints, grantToPermissionRules, indexActions, indexCapabilities, isActionEquivalent, isCanonicalProvider, isUnlimited, isValidDidJwk, isValidProvider, isWriteAction, loadActionRegistryFromFile, loadActionRegistryFromObject, normalizeMcpActionName, parseGrantAction, parseGrantResourceType, planDelegationForVC, publicKeysMatch, resolveActionsFromSelection, resolveProvider, resolveResourceType, resolveUserTier, signJWT, validateRegistryObject, vcStatusToCredentialStatus, verifyJWT, version };
|
package/dist/index.js
CHANGED
|
@@ -52,6 +52,7 @@ __export(index_exports, {
|
|
|
52
52
|
DummyCreds: () => DummyCreds,
|
|
53
53
|
DummyVpVerifier: () => DummyVpVerifier,
|
|
54
54
|
FilesystemKeyStorage: () => FilesystemKeyStorage,
|
|
55
|
+
GATEWAY_ERROR_CODE: () => GATEWAY_ERROR_CODE,
|
|
55
56
|
GatewayClient: () => GatewayClient,
|
|
56
57
|
GatewayError: () => GatewayError,
|
|
57
58
|
GrantResourceType: () => GrantResourceType,
|
|
@@ -67,6 +68,7 @@ __export(index_exports, {
|
|
|
67
68
|
NetworkError: () => NetworkError,
|
|
68
69
|
OAuthProvider: () => OAuthProvider,
|
|
69
70
|
PROVIDER_ALIASES: () => PROVIDER_ALIASES,
|
|
71
|
+
REAUTH_REQUIRED_ACTION: () => REAUTH_REQUIRED_ACTION,
|
|
70
72
|
RESOURCE_TYPES: () => RESOURCE_TYPES,
|
|
71
73
|
ReceiptStatus: () => ReceiptStatus,
|
|
72
74
|
SDJwtClient: () => SDJwtClient,
|
|
@@ -5911,6 +5913,17 @@ function normalizeMcpActionName(toolName, actionName) {
|
|
|
5911
5913
|
return actionName;
|
|
5912
5914
|
}
|
|
5913
5915
|
|
|
5916
|
+
// src/registry/reauth-constants.ts
|
|
5917
|
+
var REAUTH_REQUIRED_ACTION = "reauth_required";
|
|
5918
|
+
var GATEWAY_ERROR_CODE = {
|
|
5919
|
+
/** Upstream OAuth token is revoked — the user must re-auth at the SaaS provider. */
|
|
5920
|
+
REAUTH_REQUIRED: "REAUTH_REQUIRED",
|
|
5921
|
+
/** Local VC/VP is invalid (expired, malformed, signature mismatch). Try VC reissuance. */
|
|
5922
|
+
CREDENTIAL_INVALID: "CREDENTIAL_INVALID",
|
|
5923
|
+
/** VC allowed a different resource than the request targeted. Try a new approval. */
|
|
5924
|
+
RESOURCE_MISMATCH: "RESOURCE_MISMATCH"
|
|
5925
|
+
};
|
|
5926
|
+
|
|
5914
5927
|
// src/registry/action-summary.ts
|
|
5915
5928
|
var ACTION_DISPLAY_CONFIGS = {
|
|
5916
5929
|
"slack.message.post": {
|
|
@@ -6191,6 +6204,7 @@ var version = "0.0.1";
|
|
|
6191
6204
|
DummyCreds,
|
|
6192
6205
|
DummyVpVerifier,
|
|
6193
6206
|
FilesystemKeyStorage,
|
|
6207
|
+
GATEWAY_ERROR_CODE,
|
|
6194
6208
|
GatewayClient,
|
|
6195
6209
|
GatewayError,
|
|
6196
6210
|
GrantResourceType,
|
|
@@ -6206,6 +6220,7 @@ var version = "0.0.1";
|
|
|
6206
6220
|
NetworkError,
|
|
6207
6221
|
OAuthProvider,
|
|
6208
6222
|
PROVIDER_ALIASES,
|
|
6223
|
+
REAUTH_REQUIRED_ACTION,
|
|
6209
6224
|
RESOURCE_TYPES,
|
|
6210
6225
|
ReceiptStatus,
|
|
6211
6226
|
SDJwtClient,
|